Security Score: 77/100
Certificate Information
Subject: CN=app.trufflemarket.it
Issuer: C=US, O=Google Trust Services, CN=WR3
Valid From: December 04, 2025
Valid Until: March 04, 2026 (68 days)
Public Key: RSA, 2048 bit (Adequate)
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: B9:E4:C8:F1:D4:AD:68:31:C3:1A:9A:A4:8B:8D:02:FE:24:DE:20:84:57:5F:83:CB:F7:CB:A9:84:7B:8C:72:F6
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers (header: status)
Strict-Transport-Security: Present (max-age=31556926)
Content-Security-Policy: Missing (Not configured)
X-Frame-Options: Missing (Not configured)
X-Content-Type-Options: Missing (Not configured)
Referrer-Policy: Missing (Not configured)
Permissions-Policy: Missing (Not configured)
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Add Content-Security-Policy header to prevent XSS attacks
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add X-Content-Type-Options: nosniff
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains